rosapps/applications/net/ncftp/ncftp/preffw.c

   1 /* preffw.c
   2  *
   3  * Copyright (c) 1992-2001 by Mike Gleason.
   4  * All rights reserved.
   5  *
   6  */
   7
   8 #include "syshdrs.h"
   9
  10 #include "pref.h"
  11 #include "util.h"
  12
  13 /* How many times they've run this program. */
  14 int gNumProgramRuns = 0;
  15
  16 /* Firewall/proxy configuration parameters. */
  17 int gFirewallType;
  18 char gFirewallHost[64];
  19 char gFirewallUser[32];
  20 char gFirewallPass[32];
  21 char gFirewallExceptionList[256];
  22 unsigned int gFirewallPort;
  23 int gFirewallPrefsLoaded = 0;
  24
  25 /* Active or passive FTP?  (PORT or PASV?)  Or both? */
  26 int gDataPortMode;
  27
  28 /* Hack so the user/admin can set passive in the firewall
  29  * prefs file.
  30  */
  31 int gFwDataPortMode = -1;
  32
  33 extern FTPLibraryInfo gLib;
  34 extern char gOurDirectoryPath[], gUser[], gVersion[];
  35
  36
  37 /* Save a sample configuration file for the firewall/proxy setup. */
  38 void
  39 WriteDefaultFirewallPrefs(FILE *fp)
  40 {
  41         char *cp;
  42         time_t now;
  43
  44         FTPInitializeOurHostName(&gLib);
  45         cp = strchr(gLib.ourHostName, '.');
  46
  47         (void) fprintf(fp, "%s", "\
  48 # NcFTP firewall preferences\n\
  49 # ==========================\n\
  50 #\n\
  51 ");
  52
  53         (void) fprintf(fp, "%s", "\
  54 # If you need to use a proxy for FTP, you can configure it below.\n\
  55 # If you do not need one, leave the ``firewall-type'' variable set\n\
  56 # to 0.  Any line that does not begin with the ``#'' character is\n\
  57 # considered a configuration command line.\n\
  58 ");
  59         (void) fprintf(fp, "%s", "\
  60 #\n\
  61 # NOTE:  NcFTP does NOT support HTTP proxies that do FTP, such as \"squid\"\n\
  62 #        or Netscape Proxy Server.  Why?  Because you have to communicate with\n\
  63 #        them using HTTP, and this is a FTP only program.\n\
  64 ");
  65         (void) fprintf(fp, "%s", "\
  66 #\n\
  67 # Types of firewalls:\n\
  68 # ------------------\n\
  69 #\n\
  70 #    type 1:  Connect to firewall host, but send \"USER user@real.host.name\"\n\
  71 #\n\
  72 ");
  73         (void) fprintf(fp, "%s", "\
  74 #    type 2:  Connect to firewall, login with \"USER fwuser\" and\n\
  75 #             \"PASS fwpassword\", and then \"USER user@real.host.name\"\n\
  76 #\n\
  77 #    type 3:  Connect to and login to firewall, and then use\n\
  78 #             \"SITE real.host.name\", followed by the regular USER and PASS.\n\
  79 #\n\
  80 ");
  81         (void) fprintf(fp, "%s", "\
  82 #    type 4:  Connect to and login to firewall, and then use\n\
  83 #             \"OPEN real.host.name\", followed by the regular USER and PASS.\n\
  84 #\n\
  85 #    type 5:  Connect to firewall host, but send\n\
  86 #             \"USER user@fwuser@real.host.name\" and\n\
  87 #             \"PASS pass@fwpass\" to login.\n\
  88 #\n\
  89 ");
  90         (void) fprintf(fp, "%s", "\
  91 #    type 6:  Connect to firewall host, but send\n\
  92 #             \"USER fwuser@real.host.name\" and\n\
  93 #             \"PASS fwpass\" followed by a regular\n\
  94 #             \"USER user\" and\n\
  95 #             \"PASS pass\" to complete the login.\n\
  96 #\n\
  97 ");
  98         (void) fprintf(fp, "%s", "\
  99 #    type 7:  Connect to firewall host, but send\n\
 100 #             \"USER user@real.host.name fwuser\" and\n\
 101 #             \"PASS pass\" followed by\n\
 102 #             \"ACCT fwpass\" to complete the login.\n\
 103 #\n\
 104 #    type 0:  Do NOT use a firewall (most users will choose this).\n\
 105 #\n\
 106 firewall-type=0\n\
 107 #\n\
 108 #\n\
 109 #\n\
 110 ");
 111         (void) fprintf(fp, "%s", "\
 112 # The ``firewall-host'' variable should be the IP address or hostname of\n\
 113 # your firewall server machine.\n\
 114 #\n\
 115 ");
 116
 117         if (cp == NULL) {
 118                 (void) fprintf(fp, "firewall-host=firewall.domain.com\n");
 119         } else {
 120                 (void) fprintf(fp, "firewall-host=firewall%s\n", cp);
 121         }
 122
 123         (void) fprintf(fp, "%s", "\
 124 #\n\
 125 #\n\
 126 #\n\
 127 # The ``firewall-user'' variable tells NcFTP what to use as the user ID\n\
 128 # when it logs in to the firewall before connecting to the outside world.\n\
 129 #\n\
 130 ");
 131         (void) fprintf(fp, "firewall-user=%s\n", gUser);
 132         (void) fprintf(fp, "%s", "\
 133 #\n\
 134 #\n\
 135 #\n\
 136 # The ``firewall-password'' variable is the password associated with\n\
 137 # the firewall-user ID.  If you set this here, be sure to change the\n\
 138 # permissions on this file so that no one (except the superuser) can\n\
 139 # see your password.  You may also leave this commented out, and then\n\
 140 # NcFTP will prompt you each time for the password.\n\
 141 ");
 142         (void) fprintf(fp, "%s", "\
 143 #\n\
 144 firewall-password=fwpass\n\
 145 #\n\
 146 #\n\
 147 #\n\
 148 # Your firewall may require you to connect to a non-standard port for\n\
 149 # outside FTP services, instead of the internet standard port number (21).\n\
 150 #\n\
 151 firewall-port=21\n\
 152 ");
 153         (void) fprintf(fp, "%s", "\
 154 #\n\
 155 #\n\
 156 #\n\
 157 # You probably do not want to FTP to the firewall for hosts on your own\n\
 158 # domain.  You can set ``firewall-exception-list'' to a list of domains\n\
 159 # or hosts where the firewall should not be used.  For example, if your\n\
 160 # domain was ``probe.net'' you could set this to ``.probe.net''.\n\
 161 #\n\
 162 ");
 163         (void) fprintf(fp, "%s", "\
 164 # If you leave this commented out, the default behavior is to attempt to\n\
 165 # lookup the current domain, and exclude hosts for it.  Otherwise, set it\n\
 166 # to a list of comma-delimited domains or hostnames.  The special token\n\
 167 # ``localdomain'' is used for unqualified hostnames, so if you want hosts\n\
 168 # without explicit domain names to avoid the firewall, be sure to include\n\
 169 # that in your list.\n\
 170 #\n\
 171 ");
 172
 173         if (cp != NULL) {
 174                 (void) fprintf(fp, "firewall-exception-list=%s,localhost,localdomain\n", cp);
 175         } else {
 176                 (void) fprintf(fp, "firewall-exception-list=.probe.net,localhost,foo.bar.com,localdomain\n");
 177         }
 178
 179         (void) fprintf(fp, "%s", "\
 180 #\n\
 181 #\n\
 182 #\n\
 183 # You may also specify passive mode here.  Normally this is set in the\n\
 184 # regular $HOME/.ncftp/prefs file.  This must be set to one of\n\
 185 # \"on\", \"off\", or \"optional\", which mean always use PASV,\n\
 186 # always use PORT, and try PASV then PORT, respectively.\n\
 187 #\n\
 188 #passive=on\n");
 189
 190         time(&now);
 191         (void) fprintf(fp, "\
 192 #\n\
 193 #\n\
 194 #\n\
 195 # NOTE:  This file was created for you on %s\
 196 #        by NcFTP %.5s.  Removing this file will cause the next run of NcFTP\n\
 197 #        to generate a new one, possibly with more configurable options.\n",
 198         ctime(&now),
 199         gVersion + 11);
 200         (void) fprintf(fp, "\
 201 #\n\
 202 # ALSO:  A %s file, if present, is processed before this file,\n\
 203 #        and a %s file, if present, is processed after.\n",
 204                 kGlobalFirewallPrefFileName,
 205                 kGlobalFixedFirewallPrefFileName
 206         );
 207 }       /* CreateDefaultFirewallPrefs */
 208
 209
 210
 211
 212 void
 213 ProcessFirewallPrefFile(FILE *fp)
 214 {
 215         char line[256];
 216         char *tok1, *tok2;
 217         int n;
 218
 219         /* Opened the firewall preferences file. */
 220         line[sizeof(line) - 1] = '\0';
 221         while (fgets(line, sizeof(line) - 1, fp) != NULL) {
 222                 tok1 = strtok(line, " =\t\r\n");
 223                 if ((tok1 == NULL) || (tok1[0] == '#'))
 224                         continue;
 225                 tok2 = strtok(NULL, "\r\n");
 226                 if (tok2 == NULL)
 227                         continue;
 228                 if (ISTREQ(tok1, "firewall-type")) {
 229                         n = atoi(tok2);
 230                         if ((n > 0) && (n <= kFirewallLastType))
 231                                 gFirewallType = n;
 232                 } else if (ISTREQ(tok1, "firewall-host")) {
 233                         (void) STRNCPY(gFirewallHost, tok2);
 234                 } else if (ISTREQ(tok1, "firewall-port")) {
 235                         n = atoi(tok2);
 236                         if (n > 0)
 237                                 gFirewallPort = (unsigned int) n;
 238                 } else if (ISTREQ(tok1, "firewall-user")) {
 239                         (void) STRNCPY(gFirewallUser, tok2);
 240                 } else if (ISTREQ(tok1, "firewall-pass")) {
 241                         (void) STRNCPY(gFirewallPass, tok2);
 242                 } else if (ISTREQ(tok1, "firewall-password")) {
 243                         (void) STRNCPY(gFirewallPass, tok2);
 244                 } else if (ISTREQ(tok1, "firewall-exception-list")) {
 245                         (void) STRNCPY(gFirewallExceptionList, tok2);
 246                 } else if (ISTREQ(tok1, "passive")) {
 247                         if (ISTREQ(tok2, "optional")) {
 248                                 gDataPortMode = gFwDataPortMode = kFallBackToSendPortMode;
 249                         } else if (ISTREQ(tok2, "on")) {
 250                                 gDataPortMode = gFwDataPortMode = kPassiveMode;
 251                         } else if (ISTREQ(tok2, "off")) {
 252                                 gDataPortMode = gFwDataPortMode = kSendPortMode;
 253                         } else if ((int) isdigit(tok2[0])) {
 254                                 gDataPortMode = gFwDataPortMode = atoi(tok2);
 255                         }
 256                 }
 257         }
 258 }       /* ProcessFirewallPrefFile */
 259
 260
 261
 262
 263 /* Load those options specific to the firewall/proxy settings.  These are
 264  * kept in a different file so that other programs can read it and not
 265  * have to worry about the other junk in the prefs file.
 266  */
 267 void
 268 LoadFirewallPrefs(int forceReload)
 269 {
 270         FILE *fp, *fp2;
 271         char pathName[256];
 272         char *cp;
 273         int userFile = 0;
 274         int sysFile = 0;
 275
 276         if ((gFirewallPrefsLoaded != 0) && (forceReload == 0))
 277                 return;
 278         gFirewallPrefsLoaded = 1;
 279
 280         if (gOurDirectoryPath[0] == '\0')
 281                 return;         /* Don't create in root directory. */
 282         (void) OurDirectoryPath(pathName, sizeof(pathName), kFirewallPrefFileName);
 283
 284         /* Set default values. */
 285         gFirewallType = kFirewallNotInUse;
 286         gFirewallPort = 0;
 287         gFirewallHost[0] = '\0';
 288         gFirewallUser[0] = '\0';
 289         gFirewallPass[0] = '\0';
 290         gFirewallExceptionList[0] = '\0';
 291
 292         fp2 = fopen(kGlobalFirewallPrefFileName, FOPEN_READ_TEXT);
 293         if (fp2 != NULL) {
 294                 /* Initialize to system-wide defaults. */
 295                 ProcessFirewallPrefFile(fp2);
 296                 (void) fclose(fp2);
 297                 sysFile++;
 298         }
 299
 300         fp = fopen(pathName, FOPEN_READ_TEXT);
 301         if (fp != NULL) {
 302                 /* Do user's firewall file. */
 303                 ProcessFirewallPrefFile(fp);
 304                 (void) fclose(fp);
 305                 userFile = 1;
 306         }
 307
 308         fp2 = fopen(kGlobalFixedFirewallPrefFileName, FOPEN_READ_TEXT);
 309         if (fp2 != NULL) {
 310                 /* Override with system-wide settings. */
 311                 ProcessFirewallPrefFile(fp2);
 312                 (void) fclose(fp2);
 313                 sysFile++;
 314         }
 315
 316         if ((userFile == 0) && (sysFile == 0)) {
 317                 /* Create a blank one, if
 318                  * there were no system-wide files.
 319                  */
 320                 fp = fopen(pathName, FOPEN_WRITE_TEXT);
 321                 if (fp != NULL) {
 322                         WriteDefaultFirewallPrefs(fp);
 323                         (void) fclose(fp);
 324                         (void) chmod(pathName, 00600);
 325                         gNumProgramRuns = 1;
 326                 }
 327         }
 328
 329         if (gFirewallExceptionList[0] == '\0') {
 330                 FTPInitializeOurHostName(&gLib);
 331                 cp = strchr(gLib.ourHostName, '.');
 332
 333                 if (cp != NULL) {
 334                         (void) STRNCPY(gFirewallExceptionList, cp);
 335                         (void) STRNCAT(gFirewallExceptionList, ",localdomain");
 336                 }
 337         }
 338 }       /* LoadFirewallPrefs */